Bill of Rights for the Internet of Things (2): What Your Toaster Really Wants

Your watch will want rights – at least if you have one of those new-fangled ones that’s also measuring your heartbeat and pinging you every time someone sends you love on Twitter.

But it’s only since they connected themselves that they became aware that they did, or had the channel to communicate it.

If we’re not careful our toasters will rise up and do the unexpected if we don’t understand the rights they deserve on the Internet of Things.

Seeking a Statement of Intent
Yesterday, I did a kind of rambling meditation on creating a Bill of Rights for a world of connected devices and communities. And I made the point that the idea here wasn’t to ignore the role of law, standards, protocols and commerce in figuring out how to manage the technology that’s about to wire the physical world.

The idea of ‘rights’ isn’t really about rights – it’s about intent. It’s about creating a shared language that bridges code and standards, functionality and law.

They provide a guideline, a statement of belief or intent. And the ideas come in particularly handy in the grey zones between what’s possible in code or in law, and what we might wish for as a culture or society when it comes to our relationship with each other or the objects in our lives.

Our Objects Have Rights Already
So let me give you an example of what I mean.

You have a toaster, say. The toaster uses Bluetooth LE and transmits a little signal into the world around it. When you walk into the room, your phone picks up the Bluetooth LE signal and opens up an app, or runs quietly in the background and sends a signal back to the toaster to let it know you’re in the room. Now, you pop a piece of bread into the toaster and the toaster knows it’s you and not your wife or kids. A few minutes later and the toast pops out nice and crisp as you like it.

Later, your wife enters the room, the toaster ‘pairs’ with her phone (or smart watch or whatever) and when her toast pops out it’s barely done….just as she likes it!

What a smart little toaster!

But behind the scenes there were some rights being exchanged. Your toaster and your phone needed to exchange some credentials to talk with each other. In theory, the toaster might have been ‘open’ and not needed any particular authentication, it would just pair itself to a passing device.

Technically, those rights are exchanged in a bunch of different ways.

For example, the toaster can be configured to one of three models according to the Bluetooth LE spec: Just Works, Out of Band and Passkey Entry.

Those three models are the equivalent of ‘rights’. They’re three possible formats for how the toaster talks to the world – it just, well, works; it needs a passkey entry; or it needs an additional level of security and uses an external means of communication, such as Near Field Communication (NFC) to exchange some information used in the pairing process.

So, your toaster already has some rights, gives some rights, and has those rights coded into how it works.

Our Objects Need Some Rights That They Don’t Already Have
Where the idea of ‘rights’ comes in handy is in the gray areas between specification and intent. This isn’t to say that every use case can’t be solved with the right application of technology…but it allows for a level of rights-trading that isn’t always “on spec”.

The clearest example might be iBeacons – the Bluetooth LE tech that lets our toaster transmit to your phone or smart watch. Beacons don’t do a lot more than let the world know that they’re there and then “pair” with approved devices to share additional little packets of information so that ‘stuff’ will happen.

But let’s say you want to install a beacon in your store, and you want to use Passkey Entry so that you restrict access to the data channels to customers only.

Your beacon is visible to everyone – we can discover that it’s there. But it will only send its more meaningful data to paired devices.

But doesn’t your beacon have the “right” to be invisible, even though it isn’t? I’m not talking here about a law or a privacy policy…I’m talking about a convention we can use to communicate intent.

Think of it like this: what if your toaster could say to a smart watch – “hey, I know you know I’m here, but I’d prefer you treat me as invisible.”

Your smart watch might have the capability to treat you as visible, but by sharing a convention around intent (“I prefer to be invisible”) our smart, connected devices can have a happier relationship with each other.

Why Rights Matter
Now, again. It’s not that these kinds of ideas can’t be built, or that the technology doesn’t support these use cases. But it’s hard to find the language to express our shared intent. And the benefit of expressing our shared intent is a more transparent system in which users and developers, policy-makers and protocol developers have a way to talk about what they mean and then to translate that meaning into artefacts that exist in the world.

Your toaster might not seem like it needs all that many rights.

But what about the heart monitor that’s built into your smart watch? What about a beacon in your car? Should the baby monitor in the nursery have different rights than the sprinkler on your lawn? They’re all ‘solvable’ by technology – but how you talk about those right in, you know, plain simple English matters.

So What Would Rights Look Like?
So the following is just a grab bag start which will begin by acknowledging a post I found since yesterday at the New York Times. In it, Limor Fried proposed user-centric principles that would underpin rights on the Internet of Things:

· Open is better than closed; this ensures portability between Internet of Things devices.
· Consumers, not companies, own the data collected by Internet of Things devices.
· Internet of Things devices that collect public data must share that data.
· Users have the right to keep their data private.
· Users can delete or back up data collected by Internet of Things devices.

But I don’t for a minute buy this as a starting point. It’s so heavily laden with a particular set of values that it becomes almost meaningless.

Instead, I’d start with some simple rights that don’t necessarily take sides on what’s “right” about rights. And I’d start by focusing on the devices themselves rather than on the consumer. My theory here is that if we don’t build out the infrastructure for the rights of objects, we’ll be limiting the field for the more social and cultural policies that Fried proposes.

So here goes:

Objects have the right to be invisible
Even when objects can be ‘seen’ they should have the right to signal that they prefer not to be. I might be wearing a heart monitor and the signal from that monitor might be detectable, but my monitor should be able to signal that it’s preference is to be ignored.

Objects have the right to be open or closed
Objects should have the option to be open to other devices and objects, closed, or by permission.

Objects have the right to authorship
Objects sense, act and otherwise create data. Objects should have the right to signal that their authorship of that data be maintained as the data is passed along to other objects.

This is a main failing of the Web, to my mind. Content can be created but its authorship lost and stripped away. It might be nearly impossible to maintain authorship of data, but objects should at least have the right to signal their preference that authorship be maintained. Maybe we’ll end up with a network of like-minded devices where authorship actually matters.

Objects have the right to make friends
Coupled with the right to invisibility and closed/open devices, objects should have the right to signal the conditions for friendship with other devices beyond simply authentication and pairing. These rights might be contingent on other rights: for example, objects might signal that they only want to be ‘friends’ with other open devices and not be used by devices that are closed.

Objects will have the right to change their identity but will signal that they do
If objects are going to learn to talk to each other, they need to understand the rules governing their names. Objects should have the right to change their identity, but won’t obfuscate from other objects that this is true.

It’s a rough start, I suppose. But hopefully it’s enough to say that while specifications and use cases and feature sets are fine, if we start to parse what ‘rights’ an object should have in simple English then maybe we’ll untap some new ways to think about the future that’s unfolding on the Internet of Things.

What do you think? Should objects have ‘rights’ expressed in different ways than protocols or code? Or are you more in line with James here, who had his own suggestions for what we need as we think about the revolutionary potential of toast:

@Dusanwriter@raphkoster No piece of toast shall, in time of dinner, be quartered in any house, without the consent of the owner.